Oracle Database Vault
Privilege Analysis

Oracle Database Vault with Oracle Database 12c introduces a new feature called Privilege Analysis to further harden the application by identifying unused privileges and roles based upon the actual usage of the roles and privileges by the user or from within the application. Understanding the set of unused roles and privileges is important because it helps identify the least number of privileges the application needs to run there by making the application more secure.

This feature extends the capabilities of Oracle Database Vault to include least privilege analysis for existing applications and a continuous analysis of privileges used during new application development. Privilege Analysis allows customers to:

Using the new Privilege Analysis feature, the set of run-time roles and privileges required for specific job functions or application can be determined and then encapsulated within a new database role. Unused privileges can be audited to track their use before revoking them from users or roles. Privilege Analysis allows organizations to increase security of existing applications as well as monitor privileges required during the application development process.